Cloud-Security-Professional Free Sample Questions

Palo Alto Networks Cloud Security Professional Practice Test
Q1

A financial institution is using Cortex Cloud's DSPM capabilities to classify data across their multi-cloud environment. A security analyst discovers that several newly provisioned AWS S3 buckets containing financial projections are not being scanned or classified. All existing buckets are scanned correctly. What is the most likely reason for this failure?

Q2

A DevOps team is managing a large-scale Kubernetes environment. A recent KSPM scan from Cortex Cloud flagged numerous workloads for violating the CIS Kubernetes Benchmark regarding immutable file systems. Which of the following configurations in a Kubernetes pod security context would proactively enforce this best practice?

Q3

A security architect is designing a runtime protection strategy for a serverless application composed of AWS Lambda functions. The primary concern is detecting and blocking malicious activity, such as command injection, within the function's execution environment. Which Cortex Cloud Defender type is specifically designed for this purpose?

Q4

During a CI/CD pipeline run for a containerized application, the Cortex Cloud SCA scan fails the build. The scan report indicates a critical vulnerability (CVE-2024-XXXX) in an open-source library, `log-utils.js`, which is a transitive dependency of a directly imported package. What is the most effective and immediate action a developer can take to remediate this issue and allow the pipeline to proceed securely?

Q5 (Multiple answers)

A SOC analyst receives a high-severity alert from Cortex CDR indicating suspicious lateral movement between two EC2 instances. The alert provides the source and destination IP addresses, the protocol used (SSH), and a MITRE ATT&CK mapping to T1021.004 (Remote Services: SSH). To effectively investigate and contain this threat, which TWO actions should the analyst perform first using the CDR module? (Select TWO)

Q6

True or False: The primary function of AI Security Posture Management (AI-SPM) in Cortex Cloud is to use AI to detect misconfigurations in standard cloud resources like storage buckets and virtual machines.

Q7

**Case Study:** A rapidly growing e-commerce company, ShopFast, has deployed its entire infrastructure on Google Cloud Platform (GCP). Their environment consists of a Kubernetes cluster (GKE) for microservices, Cloud SQL for databases, and Cloud Storage for static assets. The CISO is concerned about the company's identity and access management posture after a security audit revealed numerous service accounts with overly permissive, project-level roles like 'Editor'. The goal is to enforce the principle of least privilege without disrupting critical application functions. The security team uses Cortex Cloud for posture management. They need to identify all service accounts that have permissions they have never used and automatically generate recommendations for tightened IAM policies. The team must then be able to review these recommendations and apply them in a safe, controlled manner. Which Cortex Cloud capability is specifically designed to address this requirement?

Q8

A security engineer is configuring a WAAS policy in Cortex Cloud to protect a web application from OWASP Top 10 threats. The application uses a custom HTTP header, `X-Transaction-ID`, to track user sessions. A recent penetration test showed that this header is vulnerable to SQL injection. How should the engineer configure the WAAS policy to specifically mitigate this vulnerability without affecting other headers?

Q9

A cloud administrator is tasked with deploying Cortex Host Defenders to a fleet of 500 virtual machines running in Azure. The goal is to automate the deployment process fully, ensuring that any new VM added to a specific resource group is automatically protected. Which deployment method should be used?

Q10

A security team is using Cortex Cloud's IaC scanning to secure its Terraform code before deployment. The scanner flags a resource for having a hardcoded password. Which Terraform feature should the team use to manage this secret securely and resolve the IaC scan finding?

```terraform
resource "aws_db_instance" "default" {
  allocated_storage    = 10
  engine               = "mysql"
  engine_version       = "5.7"
  instance_class       = "db.t3.micro"
  name                 = "mydb"
  username             = "foo"
  password             = "____" # IaC Scanner flags this line
  parameter_group_name = "default.mysql5.7"
  skip_final_snapshot  = true
}
```